Lecture 2 Flashcards
(33 cards)
What does Article 12 of the 1948 Universal Declaration of Human Rights state about privacy?
It prohibits arbitrary interference with privacy, family, home, or correspondence and protects against attacks on honour and reputation.
How does the European Convention on Human Rights (Art. 8.1) define the right to privacy?
Everyone has the right to respect for their private and family life, home, and correspondence.
What is the difference between the right to privacy and the right to data protection?
The right to privacy relates to private life, while the right to data protection applies to any processing of personal data, even outside the private sphere.
What does Article 8 of the EU Charter of Fundamental Rights say about data protection?
It guarantees fair processing, rights to access and rectify personal data, and independent supervision.
Is the right to data protection recognized by the UN?
No, the UN does not recognize it as a human right, although it acknowledges its importance in a 2013 resolution.
Can the rights to privacy and data protection be limited?
Yes, to protect general interests or the rights of others, as long as the limitation is proportional.
What is the GDPR and when did it come into force?
The General Data Protection Regulation, effective since 25 May 2018, harmonizes data protection across the EU.
To whom does the GDPR apply?
To all organizations processing data of individuals in the EU, including non-EU organizations.
What is considered personal data under GDPR?
Any data relating to an identifiable individual, including sensitive data like biometrics and sexual orientation.
What is the difference between anonymized and pseudonymized data?
Anonymized data is not personal data; pseudonymized data can still identify someone indirectly.
What is the role of a data controller versus a data processor?
The controller decides why and how data is processed; the processor acts on the controller’s behalf.
What constitutes valid consent under the GDPR?
Consent must be freely given, specific, informed, and unambiguous.
What are the 7 principles of data processing under the GDPR?
1) Lawfulness, fairness, transparency; 2) Purpose limitation; 3) Data minimization; 4) Accuracy; 5) Storage limitation; 6) Integrity and confidentiality; 7) Accountability.
What does the GDPR principle of data minimization mean?
Only the necessary data should be collected and processed for the stated purpose.
What is the principle of accountability under GDPR?
Controllers/processors must implement and demonstrate compliance measures.
What is the role of national supervisory authorities under GDPR?
They enforce compliance, handle violations, and can impose fines or data deletion orders.
What is the European Data Protection Board?
An EU body ensuring consistent GDPR application, composed of the European Data Protection Supervisor and national authorities.
What are the 8 rights of data subjects under the GDPR?
1) To be informed; 2) Of access; 3) To rectification; 4) To erasure; 5) To restrict processing; 6) To data portability; 7) To object; 8) Against automated decision-making and profiling.
What penalties can be imposed for GDPR violations?
Fines up to €20 million or 4% of global turnover, whichever is higher.
What is the goal of the EU Data Strategy?
To create a single market for data with fair access and strong protections for privacy and competition.
Which four regulations are central to the EU Data Strategy?
Digital Services Act (DSA), Digital Markets Act (DMA), Data Governance Act (DGA), and Data Act.
What are the two components of the Digital Services Package?
The Digital Services Act (DSA) and the Digital Markets Act (DMA).
What does the DSA regulate?
Intermediary digital service providers: content moderation, advertising transparency, and user rights.
What are VLOPs and VLOSEs under the DSA?
Very Large Online Platforms/Search Engines with over 45 million EU users; subject to extra diligence rules.
